From 2eb686ef41b9395e91bff1f8232b88dca49edca3 Mon Sep 17 00:00:00 2001 From: mcolonna Date: Mon, 16 Jun 2025 14:54:40 +0200 Subject: [PATCH] dev: make database password a secret --- srcs/.env | 1 + srcs/docker-compose.yml | 8 ++++++++ srcs/requirements/mariadb/Dockerfile | 1 - srcs/requirements/mariadb/run.sh | 11 +++++++++-- .../requirements/wordpress/conf/wwwmore/wp-config.php | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 srcs/.env diff --git a/srcs/.env b/srcs/.env new file mode 100644 index 0000000..e419ce1 --- /dev/null +++ b/srcs/.env @@ -0,0 +1 @@ +DATABASE_PWD=SuperComplexDatabasePassword diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index b9dca18..19f7028 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -20,16 +20,24 @@ services: depends_on: mariadb: condition: service_healthy + secrets: + - database-pwd mariadb: build: ./requirements/mariadb volumes: - db:/db:rw + secrets: + - database-pwd volumes: www: db: +secrets: + database-pwd: + environment: "DATABASE_PWD" + ### services ### # image: # build: diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile index 16f1044..0e42e8a 100644 --- a/srcs/requirements/mariadb/Dockerfile +++ b/srcs/requirements/mariadb/Dockerfile @@ -10,7 +10,6 @@ RUN mkdir -p /etc/my.cnf.d/ COPY conf/mariadb-server.cnf /etc/my.cnf.d/mariadb-server.cnf COPY run.sh /run.sh -# TODO(secret) RUN addgroup -S www && adduser -S www www RUN mkdir /db RUN chmod -R 666 /db diff --git a/srcs/requirements/mariadb/run.sh b/srcs/requirements/mariadb/run.sh index d18bd1d..1319dd1 100755 --- a/srcs/requirements/mariadb/run.sh +++ b/srcs/requirements/mariadb/run.sh 
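Review bot: The new srcs/.env is tracked with a real value, `DATABASE_PWD=SuperComplexDatabasePassword`, so the password this commit turns into a Compose secret is still published with the repository and remains in its history. Keep the file out of version control by adding `srcs/.env` to .gitignore, and commit a `srcs/.env.example` holding only a placeholder such as `DATABASE_PWD=<set-locally>`. Treat the committed value as exposed and replace it wherever it has been used. A `file:`-backed secret in docker-compose.yml would also keep the value out of the environment that Compose is started from.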
@@ -15,11 +15,18 @@ then echo chmod -R 777 /db mariadb-install-db --user=www --datadir=/db - # TODO(secret) + echo "creating database..." + DATABASE_PWD="$(cat /run/secrets/database-pwd)" + if ! [[ "$DATABASE_PWD" =~ ^[a-zA-Z0-9_]+$ ]] + then + echo "the DB password must contain only letters, digits or '_'." + echo + exit 1 + fi echo ' FLUSH PRIVILEGES; CREATE DATABASE wp; - GRANT ALL PRIVILEGES ON wp.* TO wwsw IDENTIFIED BY "ultraPassword"; + GRANT ALL PRIVILEGES ON wp.* TO www IDENTIFIED BY "'$DATABASE_PWD'"; FLUSH PRIVILEGES; ' | mariadbd -u root --bootstrap echo diff --git a/srcs/requirements/wordpress/conf/wwwmore/wp-config.php b/srcs/requirements/wordpress/conf/wwwmore/wp-config.php index b86e80c..157cff5 100644 --- a/srcs/requirements/wordpress/conf/wwwmore/wp-config.php +++ b/srcs/requirements/wordpress/conf/wwwmore/wp-config.php @@ -26,7 +26,7 @@ define( 'DB_NAME', 'wp' ); define( 'DB_USER', 'www' ); /** Database password */ -define( 'DB_PASSWORD', 'ultraPassword' ); # TODO(secret) +define( 'DB_PASSWORD', `cat /run/secrets/database-pwd` ); /** Database hostname */ define( 'DB_HOST', 'mariadb:3306' );
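Review bot: In the new GRANT line the expansion `"'$DATABASE_PWD'"` sits between the two single-quoted segments with no shell quoting, so the `^[a-zA-Z0-9_]+$` check is the only thing keeping the secret's content from being word-split or from altering the SQL fed to `mariadbd --bootstrap`. That is harmless with the check in place, but writing it as `IDENTIFIED BY "'"$DATABASE_PWD"'";` keeps the statement intact if the allowed alphabet is ever widened. A missing or unreadable /run/secrets/database-pwd currently ends in the "must contain only letters" message; a separate `[ -r /run/secrets/database-pwd ]` test with its own message would make that failure diagnosable. `[[ ... =~ ]]` is a bash construct and the shebang is outside this hunk, so confirm the image runs the script under bash.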
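Review bot: The backtick expression in the new DB_PASSWORD define is PHP's shell-execution operator, so every load of wp-config.php spawns a shell and `cat`, and the constant becomes null when shell_exec is disabled or the file cannot be read. It also keeps any trailing newline that run.sh's `$(cat ...)` strips, which would make the WordPress password differ from the one granted in MariaDB. Whether the mounted secret ends in a newline is not visible here. Reading the file directly avoids all of this: `define( 'DB_PASSWORD', trim( file_get_contents( '/run/secrets/database-pwd' ) ) );`.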